Bitlocker. What is it?
Over the last 2 years, The City of Portland has rolled out a new-to-us control to protect city information from physical device theft or loss. This control meets requirements in our various compliance standards and is required in our policies.
The City of Portland must meet the following compliance standards:
- Payment Card Industry - Data Security Standard (PCI)
- Health Information Portability and Accountability Act (HIPAA or PHI)
- Criminal Justice Information Services (CJIS)
- State of Oregon Identity Protection Act (PII)
- City Information Security Policies
Each of those have requirements to protect their information/data while it is "at rest" or stored on a computer system. Having Bitlocker on all workstations and laptops ensures the City meets requirements for each of the above standards.
Ok, but what is it?
Bitlocker is a software product provided by Microsoft on all Windows 10 machines. Bitlocker encrypts the whole computer's storage device (hard drive). The only way to extract the information in a Bitlocker encrypted device is to decrypt it by supplying the Bitlocker key (which is done by the hardware device), then supply a valid username and password to the computer.
Encryption is used to scramble the information such that no-one can read or use the information unless they know the secret key to decrypt the information first. Bitlocker ensures only authorized City employees can access the keys.
Other vendors have done the same thing within their systems. Some examples:
- Apple iPhones use built-in encryption as soon as you set a pin or pass-code to get into your device.
- Android phones use built-in encryption and must be turned on manually.
- Apple Mac computers have FileVault, Apple's version of BitLocker.
- The City's large storage solution, the SAN, provides encryption for all servers at the City.
Problems or Concerns?
What happens if the City loses the key? Well, the data is lost. This is one reason why BTS requires all data to be stored on servers and not workstations. If someone loses a workstation or laptop, the City does not want to lose City information.
The City has experienced a number of issues with BitLocker, where the system stops accessing the key and BTS has to manually intervene and sometimes replace the hardware. In these cases, there can be hours where the City user cannot access their computer or do work. BTS is working with Microsoft and our hardware vendor to resolve these issues.